Curso: Ethical Hacking and Countermeasures

Size: px
Start display at page:

Download "Curso: Ethical Hacking and Countermeasures"

Transcription

1 Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security Authenticity and Non-Repudiation The Security, Functionality, and Usability Triangle What Does a Hacker Do? Phase 1 Reconnaissance o Reconnaissance Types Phase 2 Scanning Phase 3 Gaining Access Phase 4 Maintaining Access Phase 5 Covering Tracks Types of Attacks on a System o Operating System Attacks o Application-Level Attacks o Shrink Wrap Code Attacks o Misconfiguration Attacks Why Ethical Hacking is Necessary? Defense in Depth Scope and Limitations of Ethical Hacking What Do Ethical Hackers Do? Skills of an Ethical Hacker Vulnerability Research Vulnerability Research Websites What is Penetration Testing? Why Penetration Testing? Penetration Testing Methodology Module 2: Footprinting and Reconnaissance Footprinting Terminologies What is Footprinting? Objectives of Footprinting Footprinting Threats Finding a Company s URL Locate Internal URLs Public and Restricted Websites Search for Company s Information o Tools to Extract Company s Data Footprinting Through Search Engines Collect Location Information People Search o People Search Using o People Search Online Services o People Search on Social Networking Services Gather Information from Financial Services Footprinting Through Job Sites Monitoring Target Using Alerts Página 1 de 9

2 Competitive Intelligence Gathering WHOIS Lookup Extracting DNS Information DNS Interrogation Tools DNS Interrogation Online Tools Locate the Network Range Traceroute Mirroring Entire Website Extract Website Information from Tracking Communications Footprint Using Google Hacking Techniques What a Hacker Can Do With Google Hacking? Google Advance Search Operators Finding Resources using Google Advance Operator Google Hacking Tool: Google Hacking Database (GHDB) Google Hacking Tools Additional Footprinting Tools Footprinting Countermeasures Footprinting Pen Testing Module 3: Scanning Networks Network Scanning Types of Scanning Checking for Live Systems ICMP Scanning Ping Sweep Three-Way Handshake TCP Communication Flags Hping Commands Scanning Techniques Scanning Tools Scanning Countermeasures OS Fingerprinting Banner Grabbing Tools Hiding File Extensions Vulnerability Scanning Network Vulnerability Scanners Network Mappers Proxy Servers Why Attackers Use Proxy Servers? Use of Proxies for Attack Free Proxy Servers TOR (The Onion Routing) TOR Proxy Chaining Software HTTP Tunneling Techniques Why do I Need HTTP Tunneling? Additional HTTP Tunneling Tools SSH Tunneling Proxy Tools Types of Anonymizers Anonymizer Tools Spoofing IP Address IP Spoofing Countermeasures Scanning Pen Testing Página 2 de 9

3 Module 4: Enumeration What is Enumeration? Techniques for Enumeration Netbios Enumeration Enumerating User Accounts Enumerate Systems Using Default Passwords SNMP (Simple Network Management Protocol) Enumeration UNIX/Linux Enumeration LDAP Enumeration SMTP Enumeration DNS Zone Transfer Enumeration Using nslookup Enumeration Countermeasures Enumeration Pen Testing Module 5: System Hacking Information at Hand Before System Hacking Stage System Hacking: Goals CEH Hacking Methodology (CHM) Password Cracking o Password Complexity o Password Cracking Techniques o Types of Password Attacks Passive Online Attacks: Wire Sniffing Password Sniffing Passive Online Attack: Man-in-the-Middle and Replay Attack Active Online Attack: Password Guessing Active Online Attack: Trojan/Spyware/Keylogger Active Online Attack: Hash Injection Attack o Rainbow Attacks: Pre-Computed Hash o Distributed Network Attack o Non-Electronic Attacks o Manual Password Cracking (Guessing) o Automatic Password Cracking Algorithm o Stealing Passwords Using USB Drive Microsoft Authentication How Hash Passwords are Stored in Windows SAM? What is LAN Manager Hash? Kerberos Authentication Salting Password Cracking Tools How to Defend against Password Cracking? Privilege Escalation Privilege Escalation Tools How to Defend against Privilege Escalation? Executing Applications Keylogger Types of Keystroke Loggers Keyloggers Spyware o What Does the Spyware Do? o Types of Spywares How to Defend against Keyloggers? o Anti-Keylogger o Anti-Keyloggers Página 3 de 9

4 How to Defend against Spyware? Rootkits Types of Rootkits How Rootkit Works? Detecting Rootkits o Steps for Detecting Rootkits How to Defend against Rootkits? What is Steganography? Types of Steganography Image Steganography Steganography Detection Tools System Hacking Penetration Testing Module 6: Trojans & Backdoors What is a Trojan? Purpose of Trojans Indications of a Trojan Attack Common Ports used by Trojans How to Infect Systems Using a Trojan? Wrappers Different Ways a Trojan can Get into a System How to Deploy a Trojan? Evading Anti-Virus Techniques Types of Trojans Destructive Trojans Notification Trojans Credit Card Trojans Data Hiding Trojans (Encrypted Trojans) How to Detect Trojans? Process Monitoring Tool: What s Running o Process Monitoring Tools Scanning for Suspicious Windows Services Scanning for Suspicious Startup Programs Scanning for Suspicious Files and Folders Scanning for Suspicious Network Activities Trojan Countermeasures Backdoor Countermeasures Pen Testing for Trojans and Backdoors Module 7: Viruses & Worms Introduction to Viruses Stages of Virus Life Working of Viruses: Infection Phase Working of Viruses: Attack Phase Indications of Virus Attack Virus Hoaxes Virus Analysis: Types of Viruses Transient and Terminate and Stay Resident Viruses Writing a Simple Virus Program Computer Worms How is a Worm Different from a Virus? Página 4 de 9

5 Example of Worm Infection: Conficker Worm Worm Analysis: Malware Analysis Procedure Online Malware Testing: VirusTotal Online Malware Analysis Services Virus Detection Methods Virus and Worms Countermeasures Anti-virus Tools Penetration Testing for Virus Module 8: Sniffers Sniffing Threats How a Sniffer Works? Hacker Attacking a Switch Types of Sniffing Protocols Vulnerable to Sniffing Hardware Protocol Analyzers SPAN Port MAC Flooding MAC Spoofing/Duplicating DNS Poisoning Techniques Sniffing Tools Discovery Tools Additional Sniffing Tools How an Attacker Hacks the Network Using Sniffers? How to Defend Against Sniffing? Module 9: Denial of Service What is a Denial of Service Attack? What is Distributed Denial of Service Attacks? Symptoms of a DoS Attack Cyber Criminals DoS Attack Techniques Botnet DoS Attack Tools Detection Techniques DoS/DDoS Countermeasure Strategies Post-attack Forensics Techniques to Defend against Botnets DoS/DDoS Countermeasures DoS/DDoS Protection at ISP Level DoS/DDoS Protection Tool Denial of Service (DoS) Attack Penetration Testing Module 10: Session Hijacking What is Session Hijacking? Why Session Hijacking is Successful? Key Session Hijacking Techniques Brute Forcing Spoofing vs. Hijacking Session Hijacking Process Página 5 de 9

6 Packet Analysis of a Local Session Hijack Types of Session Hijacking Predictable Session Token Man-in-the-Middle Attack Client-side Attacks Cross-site Script Attack Session Fixation Network Level Session Hijacking The 3-Way Handshake TCP/IP Hijacking Man-in-the-Middle Attack using Packet Sniffer Session Hijacking Tools o Paros o Burp Suite o Firesheep Countermeasures Protecting against Session Hijacking Session Hijacking Remediation Session Hijacking Pen Testing Module 11: Hijacking Webservers Website Defacement Why Web Servers are Compromised? Impact of Webserver Attacks Webserver Misconfiguration Directory Traversal Attacks HTTP Response Splitting Attack Web Cache Poisoning Attack HTTP Response Hijacking SSH Bruteforce Attack Man-in-the-Middle Attack Webserver Password Cracking Web Application Attacks Webserver Attack Methodology o Information Gathering o Webserver Footprinting Webserver Footprinting Tools o Mirroring a Website o Vulnerability Scanning o Session Hijacking o Hacking Web Passwords Webserver Attack Tools Web Password Cracking Tool Countermeasures How to Defend Against Web Server Attacks? Patches and Hotfixes What is Patch Management? Webserver Security Tools Web Server Penetration Testing Página 6 de 9

7 Module 12: Hijacking Web Applications How Web Applications Work? Web 2.0 Applications Vulnerability Stack Web Attack Vectors Web Application Threats Unvalidated Input Parameter/Form Tampering Directory Traversal Security Misconfiguration Injection Flaws o SQL Injection Attacks o Command Injection Attacks o Command Injection Example o File Injection Attack Cross-Site Scripting (XSS) Attacks o How XSS Attacks Work? o Cross-Site Scripting Attack Scenario: Attack via o XSS Example: Attack via o XSS Example: Stealing Users' Cookies o XSS Example: Sending an Unauthorized Request o XSS Attack in Blog Posting o XSS Attack in Comment Field o XSS Cheat Sheet o Cross-Site Request Forgery (CSRF) Attack o How CSRF Attacks Work? Buffer Overflow Attacks Cookie/Session Poisoning Session Fixation Attack Improper Error Handling Insecure Cryptographic Storage Broken Authentication and Session Management Unvalidated Redirects and Forwards Footprint Web Infrastructure Web Spidering Using Burp Suite Hacking Web Servers Analyze Web Applications Attack Authentication Mechanism Username Enumeration Password Attacks: Password Functionality Exploits Password Attacks: Password Guessing Password Attacks: Brute-forcing Session Attacks: Session ID Prediction/ Brute-forcing Cookie Exploitation: Cookie Poisoning Authorization Attack Session Management Attack Attack Web App Client Web Application Hacking Tools Web Application Countermeasures Web Application Pen Testing Página 7 de 9

8 Module 13: SQL Injections What is SQL Injection? SQL Injection Attacks Server Side Technologies HTTP Post Request SQL Injection Detection SQL Injection Black Box Pen Testing Types of SQL Injection What is Blind SQL Injection? SQL Injection Methodology Transfer Database to Attacker s Machine Interacting with the Operating System Interacting with the FileSystem How to Defend Against SQL Injection Attacks? Module 14: Hacking Wireless Networks Wireless Networks Types of Wireless Encryption WEP Encryption How WPA Works? Temporal Keys How WPA2 Works? WEP vs. WPA vs. WPA2 WEP Issues Wireless Threats: Access Control Attacks Wireless Threats: Integrity Attacks Wireless Threats: Confidentiality Attacks Wireless Threats: Availability Attacks Wireless Threats: Authentication Attacks Rogue Access Point Attack Wireless Hacking Methodology Find Wi-Fi Networks to Attack Attackers Scanning for Wi-Fi Networks Footprint the Wireless Network Wireless Sniffers Aircrack-ng Suite Man-in-the-Middle Attack WEP Cracking Using Cain & Abel WPA Brute Forcing Using Cain & Abel Wireless Security Layers How to Defend Against Wireless Attacks? Wireless Intrusion Prevention Systems Wi-Fi Vulnerability Scanning Tools Wireless Penetration Testing Página 8 de 9

9 Module 15: Buffer Overflow Buffer Overflows Why are Programs And Applications Vulnerable? Understanding Stacks Stack-Based Buffer Overflow Understanding Heap o Heap-Based Buffer Overflow Stack Operations o Shellcode Knowledge Required to Program Buffer Overflow Exploits Buffer Overflow Steps Simple Uncontrolled Overflow Simple Buffer Overflow in C Identifying Buffer Overflows How to Detect Buffer Overflows in a Program? Buffer Overflow Penetration Testing Module 16: Penetration Testing Introduction to Penetration Testing Security Assessments Vulnerability Assessment Penetration Testing Why Penetration Testing? What Should be Tested? What Makes a Good Penetration Test? Types of Penetration Testing o External Penetration Testing o Internal Security Assessment o Black-box Penetration Testing o Grey-box Penetration Testing o White-box Penetration Testing o Announced / Unannounced Testing o Automated Testing o Manual Testing Common Penetration Testing Techniques Using DNS Domain Name and IP Address Information Enumerating Information about Hosts on Publicly-Available Networks Phases of Penetration Testing Penetration Testing Methodology Outsourcing Penetration Testing Services Evaluating Different Types of Pentest Tools Application Security Assessment Tools Página 9 de 9

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo

AURA ACADEMY Training With Expertised Faculty Call Us On For Free Demo ETHICAL HACKING (CEH) CURRICULUM Introduction to Ethical Hacking What is Hacking? Who is a Hacker? Skills of a Hacker? Types of Hackers? What are the Ethics and Legality?? Who are at the risk of Hacking

More information

ETHICAL HACKING & COMPUTER FORENSIC SECURITY

ETHICAL HACKING & COMPUTER FORENSIC SECURITY ETHICAL HACKING & COMPUTER FORENSIC SECURITY Course Description From forensic computing to network security, the course covers a wide range of subjects. You will learn about web hacking, password cracking,

More information

Ethical Hacking and Prevention

Ethical Hacking and Prevention Ethical Hacking and Prevention This course is mapped to the popular Ethical Hacking and Prevention Certification Exam from US-Council. This course is meant for those professionals who are looking for comprehensive

More information

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker

SINGLE COURSE. NH9000 Certified Ethical Hacker 104 Total Hours. COURSE TITLE: Certified Ethical Hacker NH9000 Certified Ethical Hacker 104 Total Hours COURSE TITLE: Certified Ethical Hacker COURSE OVERVIEW: This class will immerse the student into an interactive environment where they will be shown how

More information

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 12 May 2018

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker.  12 May 2018 Course Outline CEH v8 - Certified Ethical Hacker 12 May 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

V8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 03 Feb 2018

V8 - CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker.  03 Feb 2018 Course Outline CEH v8 - Certified Ethical Hacker 03 Feb 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline

CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment

More information

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 15 Jan

CEH v8 - Certified Ethical Hacker. Course Outline. CEH v8 - Certified Ethical Hacker. 15 Jan Course Outline CEH v8 - Certified Ethical Hacker 15 Jan 2019 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

Certified Ethical Hacker (CEH)

Certified Ethical Hacker (CEH) Certified Ethical Hacker (CEH) COURSE OVERVIEW: The most effective cybersecurity professionals are able to predict attacks before they happen. Training in Ethical Hacking provides professionals with the

More information

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services

Module 1: Penetration Testing Planning and Scoping. Module 2: Basic Usage of Linux and its services Following topics will be covered: Module 1: Penetration Testing Planning and Scoping - Types of penetration testing and ethical hacking projects - Penetration testing methodology - Limitations and benefits

More information

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking

Advanced Ethical Hacking & Penetration Testing. Ethical Hacking Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This

More information

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX

Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security. Linux Operating System and Networking: LINUX Cyber Security & Ethical Hacking Training. Introduction to Cyber Security Introduction to Cyber Security HTML PHP Database Linux Operating System and Networking: LINUX NETWORKING Information Gathering:

More information

Course 831 Certified Ethical Hacker v9

Course 831 Certified Ethical Hacker v9 Course 831 Certified Ethical Hacker v9 Duration: 5 days What You Get: CEH v9 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class hours dedicated to

More information

Course 831 EC-Council Certified Ethical Hacker v10 (CEH)

Course 831 EC-Council Certified Ethical Hacker v10 (CEH) Course 831 EC-Council Certified Ethical Hacker v10 (CEH) Duration: 5 days What You Get: CEH v10 Certification exam voucher 5 days of high quality classroom training 18 comprehensive modules 40% of class

More information

Certified Secure Web Application Engineer

Certified Secure Web Application Engineer Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),

More information

CETPA INFOTECH PVT. LTD. Curriculum of CYBER SECURITY DURATION: 6 MONTHS

CETPA INFOTECH PVT. LTD. Curriculum of CYBER SECURITY DURATION: 6 MONTHS CETPA INFOTECH PVT. LTD. Curriculum of CYBER SECURITY DURATION: 6 MONTHS Implementing Cisco IOS Network Security 1.0 Common Security Threats 1.1 Describe common security threats 1.1.a Common threats to

More information

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing.

Scanning. Introduction to Hacking. Networking Concepts. Windows Hacking. Linux Hacking. Virus and Worms. Foot Printing. I Introduction to Hacking Important Terminology Ethical Hacking vs. Hacking Effects of Hacking on Business Why Ethical Hacking Is Necessary Skills of an Ethical Hacker What Is Penetration Testing? Networking

More information

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process.

This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. EC Council Certified Ethical Hacker V9 This ethical hacking course puts you in the driver's seat of a hands-on environment with a systematic process. Here, you will be exposed to an entirely different

More information

CSWAE Certified Secure Web Application Engineer

CSWAE Certified Secure Web Application Engineer CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized

More information

Advanced Diploma on Information Security

Advanced Diploma on Information Security Course Name: Course Duration: Prerequisites: Course Fee: Advanced Diploma on Information Security 300 Hours; 12 Months (10 Months Training + 2 Months Project Work) Candidate should be HSC Pass & Basic

More information

CEH: CERTIFIED ETHICAL HACKER v9

CEH: CERTIFIED ETHICAL HACKER v9 CEH: CERTIFIED ETHICAL HACKER v9 SUMMARY The Certified Ethical Hacker (CEH) program is the core of the most desired information security training system any information security professional will ever

More information

Certified Professional Ethical Hacker

Certified Professional Ethical Hacker Certified Professional Ethical Hacker C)PEH; 5 days, Instructor-led Course Benefits The Certified Professional Ethical Hacker vendor neutral certification course is the foundational training to line of

More information

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management

CompTIA Security+ Malware. Threats and Vulnerabilities Vulnerability Management CompTIA Security+ Lecture Six Threats and Vulnerabilities Vulnerability Management Copyright 2011 - VTC Malware Malicious code refers to software threats to network and systems, including viruses, Trojan

More information

"Charting the Course... Certified Professional Ethical Hacker. Course Summary

Charting the Course... Certified Professional Ethical Hacker. Course Summary Course Summary Description The course is the introductory training to mile2 s line of penetration testing courses and certifications. The course training helps students gain a valuable skill-set in penetration

More information

Mobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE

Mobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE Mobile MOUSe HACKING REVEALED ONLINE COURSE OUTLINE COURSE TITLE HACKING REVEALED COURSE DURATION 20 Hour(s) of Self-Paced Interactive Training COURSE OVERVIEW The Hacking Revealed course teaches individuals

More information

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications

More information

Audience. Pre-Requisites

Audience. Pre-Requisites T R A N C H U L A S W O R K S H O P S A N D T R A I N I N G S Hands-On Penetration Testing Training Course About Tranchulas Tranchulas is a multinational information security company having its offices

More information

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK

Hacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for

More information

CPTE: Certified Penetration Testing Engineer

CPTE: Certified Penetration Testing Engineer www.peaklearningllc.com CPTE: Certified Penetration Testing Engineer (5 Days) *Includes exam voucher, course video, an exam preparation guide About this course Certified Penetration Testing Engineer certification

More information

Practice Labs Ethical Hacker

Practice Labs Ethical Hacker Practice Labs Ethical Hacker Lab Outline The Ethical Hacker Practice Lab will provide you with the necessary platform to gain hands on skills in security. By completing the lab tasks you will improve your

More information

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created Drone - 2 04/12/2018 Threat Model Description Threats Threat Source Risk Status Date Created Mobile Phone: Sensitive Data Leakage Smart Devices Mobile Phone: Session Hijacking Smart Devices Mobile Phone:

More information

CS System Security 2nd-Half Semester Review

CS System Security 2nd-Half Semester Review CS 356 - System Security 2nd-Half Semester Review Fall 2013 Final Exam Wednesday, 2 PM to 4 PM you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This

More information

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling. SANS SEC504 Hacker Tools, Techniques, Exploits and Incident Handling http://killexams.com/exam-detail/sec504 QUESTION: 315 Which of the following techniques can be used to map 'open' or 'pass through'

More information

GCIH. GIAC Certified Incident Handler.

GCIH. GIAC Certified Incident Handler. GIAC GCIH GIAC Certified Incident Handler TYPE: DEMO http://www.examskey.com/gcih.html Examskey GIAC GCIH exam demo product is here for you to test the quality of the product. This GIAC GCIH demo also

More information

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand

More information

Certified Professional Ethical Hacker

Certified Professional Ethical Hacker Certified Professional Ethical Hacker KEY DATA Course Title: Certified Professional Ethical Hacker Language: English Class Format Options: Instructor-led classroom Live Online Training Prerequisites: 12

More information

CPEH Certified Professional Ethical Hacker

CPEH Certified Professional Ethical Hacker CPEH Certified Professional Ethical Hacker Overview The Certified Professional Ethical Hacker vendor neutral certification course is the foundational training to mile2 s line of penetration testing courses.

More information

Penetration Testing with Kali Linux

Penetration Testing with Kali Linux Penetration Testing with Kali Linux PWK Copyright Offensive Security Ltd. All rights reserved. Page 1 of 11 All rights reserved to Offensive Security No part of this publication, in whole or in part, may

More information

Ethical Hacking. Content Outline: Session 1

Ethical Hacking. Content Outline: Session 1 Ethical Hacking Content Outline: Session 1 Ethics & Hacking Hacking history : How it all begin - Why is security needed? - What is ethical hacking? - Ethical Hacker Vs Malicious hacker - Types of Hackers

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate

More information

Chapter 4. Network Security. Part I

Chapter 4. Network Security. Part I Chapter 4 Network Security Part I CCNA4-1 Chapter 4-1 Introducing Network Security Introduction to Network Security CCNA4-2 Chapter 4-1 Introducing Network Security Why is Network Security important? Rapid

More information

EC-Council C EH. Certified Ethical Hacker. Program Brochure

EC-Council C EH. Certified Ethical Hacker. Program Brochure EC-Council TM C EH Program Brochure Target Audience This course will significantly benefit security officers, auditors, security professionals, site administrators, and anyone who is concerned about the

More information

POST GRADUATE DIPLOMA IN CYBER SECURITY (PGDCS)

POST GRADUATE DIPLOMA IN CYBER SECURITY (PGDCS) SYLLABUS OF POST GRADUATE DIPLOMA IN CYBER SECURITY (PGDCS) For Academic Session 2017-18 Duration: 18 Months Total Credit: 48 Semester - I Course Code Course Title Credit CSP 010 Operating System Basics

More information

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each.

Chapter 10: Security. 2. What are the two types of general threats to computer security? Give examples of each. Name Date Chapter 10: Security After completion of this chapter, students should be able to: Explain why security is important and describe security threats. Explain social engineering, data wiping, hard

More information

RiskSense Attack Surface Validation for Web Applications

RiskSense Attack Surface Validation for Web Applications RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment

More information

Certified Vulnerability Assessor

Certified Vulnerability Assessor Certified Vulnerability Assessor COURSE BENEFITS Course Title:Certified Vulnerability Assessor Duration: 3Day Language: English Class Format Options: Instructor-led classroom Live Online Training Prerequisites:

More information

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support.

CEH Tools. Sniffers. - Wireshark: The most popular packet sniffer with cross platform support. Sniffers - Wireshark: The most popular packet sniffer with cross platform support. - Tcpdump: A popular CLI sniffer available for both the Unix and Linux platforms. - Windump: Windows version of tcpdump.

More information

Corso: Certified Ethical Hacker Codice PCSNET: ECCC-1 Cod. Vendor: CEH Durata: 5

Corso: Certified Ethical Hacker Codice PCSNET: ECCC-1 Cod. Vendor: CEH Durata: 5 Corso: Certified Ethical Hacker Codice PCSNET: ECCC-1 Cod. Vendor: CEH Durata: 5 Obiettivi La classe immergerà i partecipanti in un ambiente fortemente interattivo nel quale verrà loro mostrato come effettuare

More information

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED 01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments

More information

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months

FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months FRONT RUNNER DIPLOMA PROGRAM Version 8.0 INFORMATION SECURITY Detailed Course Curriculum Course Duration: 6 months MODULE: INTRODUCTION TO INFORMATION SECURITY INFORMATION SECURITY ESSENTIAL TERMINOLOGIES

More information

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems

Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational

More information

DIS10.1 Ethical Hacking and Countermeasures

DIS10.1 Ethical Hacking and Countermeasures DIS10.1 Ethical Hacking and Countermeasures ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for

More information

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ]

ECCouncil Exam v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] s@lm@n ECCouncil Exam 312-50v9 Certified Ethical Hacker Exam V9 Version: 7.0 [ Total Questions: 125 ] Question No : 1 An Intrusion Detection System(IDS) has alerted the network administrator to a possibly

More information

Cybersecurity Foundations

Cybersecurity Foundations Cybersecurity Foundations Varighed: 5 Days Kursus Kode: 9701 Beskrivelse: In this cybersecurity course, you will gain a global perspective of the challenges of designing a secure system, touching on all

More information

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo

Exam : JK Title : CompTIA E2C Security+ (2008 Edition) Exam. Version : Demo Exam : JK0-015 Title : CompTIA E2C Security+ (2008 Edition) Exam Version : Demo 1.Which of the following logical access control methods would a security administrator need to modify in order to control

More information

Certified Ethical Hacker Version 9. Course Outline. Certified Ethical Hacker Version Nov

Certified Ethical Hacker Version 9. Course Outline. Certified Ethical Hacker Version Nov Course Outline Certified Ethical Hacker Version 9 05 Nov 2018 Contents 1. Course Objective 2. Pre-Assessment 3. Exercises, Quizzes, Flashcards & Glossary Number of Questions 4. Expert Instructor-Led Training

More information

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet

More information

Endpoint Security - what-if analysis 1

Endpoint Security - what-if analysis 1 Endpoint Security - what-if analysis 1 07/23/2017 Threat Model Threats Threat Source Risk Status Date Created File Manipulation File System Medium Accessing, Modifying or Executing Executable Files File

More information

Access Controls. CISSP Guide to Security Essentials Chapter 2

Access Controls. CISSP Guide to Security Essentials Chapter 2 Access Controls CISSP Guide to Security Essentials Chapter 2 Objectives Identification and Authentication Centralized Access Control Decentralized Access Control Access Control Attacks Testing Access Controls

More information

Basics of executing a penetration test

Basics of executing a penetration test Basics of executing a penetration test 25.04.2013, WrUT BAITSE guest lecture Bernhards Blumbergs, CERT.LV Outline Reconnaissance and footprinting Scanning and enumeration System exploitation Outline Reconnaisance

More information

Erasable Programmable Read-Only Memory (EPROM) Electrically Erasable Programmable Read-Only Memory (EEPROM) CMOS 2.2.

Erasable Programmable Read-Only Memory (EPROM) Electrically Erasable Programmable Read-Only Memory (EEPROM) CMOS 2.2. Day - 1 1. INTRODUCTION 1.1 What is Security? 1.2 What is Cyber Security? 1.3 What is Information Security? 1.4 What are the Layers of Security? 1.5 What are the Classification of Security? 1.6 What are

More information

Solutions Business Manager Web Application Security Assessment

Solutions Business Manager Web Application Security Assessment White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security

More information

CompTIA Security+ (Exam SY0-401)

CompTIA Security+ (Exam SY0-401) CompTIA Security+ (Exam SY0-401) Course Overview This course will prepare students to pass the current CompTIA Security+ SY0-401 certification exam. After taking this course, students will understand the

More information

ECCouncil Certified Ethical Hacker. Download Full Version :

ECCouncil Certified Ethical Hacker. Download Full Version : ECCouncil 312-50 Certified Ethical Hacker Download Full Version : http://killexams.com/pass4sure/exam-detail/312-50 A. Cookie Poisoning B. Session Hijacking C. Cross Site Scripting* D. Web server hacking

More information

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE

CUNY John Jay College of Criminal Justice MATH AND COMPUTER SCIENCE Instructor: Prof Aftab Ahmad Office: NB 612 Telephone No. (212)393-6314 Email Address: aahmad@jjay.cuny.edu Office Hours: By appointment TEXT & REFERENCE MATERIAL Text Notes from instructor posted on Blackboard

More information

What action do you want to perform by issuing the above command?

What action do you want to perform by issuing the above command? 1 GIAC - GPEN GIACCertified Penetration Tester QUESTION: 1 You execute the following netcat command: c:\target\nc -1 -p 53 -d -e cmd.exe What action do you want to perform by issuing the above command?

More information

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic

n Given a scenario, analyze and interpret output from n A SPAN has the ability to copy network traffic passing n Capacity planning for traffic Chapter Objectives n Understand how to use appropriate software tools to assess the security posture of an organization Chapter #7: Technologies and Tools n Given a scenario, analyze and interpret output

More information

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review

ACS / Computer Security And Privacy. Fall 2018 Mid-Term Review ACS-3921-001/4921-001 Computer Security And Privacy Fall 2018 Mid-Term Review ACS-3921/4921-001 Slides Used In The Course A note on the use of these slides: These slides has been adopted and/or modified

More information

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant

Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by

More information

EC-Council C EH. Certified Ethical Hacker. Program Brochure

EC-Council C EH. Certified Ethical Hacker. Program Brochure EC-Council TM H Program Brochure Course Description The (CEH) program is the core of the most desired information security training system any information security professional will ever want to be in.

More information

Web Application Security. Philippe Bogaerts

Web Application Security. Philippe Bogaerts Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security

More information

Network Security. Thierry Sans

Network Security. Thierry Sans Network Security Thierry Sans HTTP SMTP DNS BGP The Protocol Stack Application TCP UDP Transport IPv4 IPv6 ICMP Network ARP Link Ethernet WiFi The attacker is capable of confidentiality integrity availability

More information

Copyright

Copyright 1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?

More information

3. Which of the following is a weakness in a system, application, network or process? A. Threat B. Exploit C. Vulnerability D.

3. Which of the following is a weakness in a system, application, network or process? A. Threat B. Exploit C. Vulnerability D. CEH (v8) Practice Exam (With Key) 1. A person who uses hacking skills for defensive purposes is called a: A. Hacktivist B. Grey hat hacker C. Black hat hacker D. White hat hacker 2. What is the preparatory

More information

BraindumpsIT. BraindumpsIT - IT Certification Company provides Braindumps pdf!

BraindumpsIT.   BraindumpsIT - IT Certification Company provides Braindumps pdf! BraindumpsIT http://www.braindumpsit.com BraindumpsIT - IT Certification Company provides Braindumps pdf! Exam : GPEN Title : GIAC Certified Penetration Tester Vendor : GIAC Version : DEMO Get Latest &

More information

دوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting

دوره تست نفوذ. Ver.1.2 شما میتوانید آنلاین در این دوره ثبت نام بلافاصله از آن استفاده کنید. Information Gathering. Bash scripting Ver.1.2 Information Gathering Bash scripting Information gathering (passive) شما میتوانید آنلاین در این دوره ثبت نام کنید و بلافاصله از آن استفاده کنید. دیدن نمونه آموزش هاي دوره تست نفوذ Google operators

More information

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51 Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual

More information

CHCSS. Certified Hands-on Cyber Security Specialist (510)

CHCSS. Certified Hands-on Cyber Security Specialist (510) CHCSS Certified Hands-on Cyber Security Specialist () SYLLABUS 2018 Certified Hands-on Cyber Security Specialist () 2 Course Description Entry level cyber security course intended for an audience looking

More information

Security+ SY0-501 Study Guide Table of Contents

Security+ SY0-501 Study Guide Table of Contents Security+ SY0-501 Study Guide Table of Contents Course Introduction Table of Contents About This Course About CompTIA Certifications Module 1 / Threats, Attacks, and Vulnerabilities Module 1 / Unit 1 Indicators

More information

Certified Ethical Hacker

Certified Ethical Hacker Certified Ethical Hacker Certified Ethical Hacker Course Objective Describe how perimeter defenses function by ethically scanning and attacking networks Conduct information systems security audits by understanding

More information

ECCouncil Exam v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ]

ECCouncil Exam v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ] s@lm@n ECCouncil Exam 312-50v8 Certified Ethical Hacker v8 Exam Version: 7.0 [ Total Questions: 357 ] Topic break down Topic No. of Questions Topic 1: Background 38 Topic 3: Security 57 Topic 4: Tools

More information

Ethical Hacker Foundation and Security Analysts Course Semester 2

Ethical Hacker Foundation and Security Analysts Course Semester 2 Brochure Software Education Ethical Hacker Foundation and Security Analysts Course Semester 2 The Security Management Course is a graduate-level foundation course in the Information Security space. Brochure

More information

CYBERSECURITY PROFESSIONAL PENETRATION TESTER

CYBERSECURITY PROFESSIONAL PENETRATION TESTER 2018 CYBERSECURITY PROFESSIONAL PENETRATION TESTER DIVERGENCE ACADEMY 11/3/2018 TABLE OF CONTENTS NETWORK EXPLOITATION AND PENTESTING... 4 WIRELESS PENTESTING AND NETWORK EXPLOITATION... 6 PYTHON FOR PENTESTERS...

More information

CERTIFIED ETHICAL HACKER V.6 TRAINING (DVD-ROM, SINGLE USER)

CERTIFIED ETHICAL HACKER V.6 TRAINING (DVD-ROM, SINGLE USER) CERTIFIED ETHICAL HACKER V.6 TRAINING (DVD-ROM, SINGLE USER) Module 1 - Penetration Testing 101 Penetration Testing 101 To Know more about Penetration Testing, Attend EC-Council's LPT Program Introduction

More information

DIS10.1:Ethical Hacking and Countermeasures

DIS10.1:Ethical Hacking and Countermeasures 1 Data and Information security Council DIS10.1:Ethical Hacking and Countermeasures HACKERS ARE NOT BORN, THEY BECOME HACKER About DIS :Data and Internet Security Council DIS is the Globally trusted Brand

More information

Security and Authentication

Security and Authentication Security and Authentication Authentication and Security A major problem with computer communication Trust Who is sending you those bits What they allow to do in your system 2 Authentication In distributed

More information

Certified Penetration Testing Engineer

Certified Penetration Testing Engineer Certified Penetration Testing Engineer ACCREDITATIONS The Certified Penetration Testing Engineer course is accredited by the NSA CNSSI-4013: National Information Assurance Training. EXAM INFORMATION The

More information

Certified Penetration Testing Engineer

Certified Penetration Testing Engineer Certified Penetration Testing Engineer C)PTE; 5 days, Instructor-led Course Overview The vendor neutral Certified Penetration Testing Engineer certification course is built firmly upon proven, hands-on,

More information

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107)

Course overview. CompTIA Security+ Certification (Exam SY0-501) Study Guide (G635eng v107) Overview This course is intended for those wishing to qualify with CompTIA Security+. CompTIA's Security+ Certification is a foundation-level certificate designed for IT administrators with 2 years' experience

More information

Chapter 1 Introduction

Chapter 1 Introduction Chapter 1 Introduction History of Hacking & Hackers What is Information Security? Problems faced by the Corporate World Why Corporate needs Information Security? The CIA Triad Hacking Legal or Not? Type

More information

ANATOMY OF AN ATTACK!

ANATOMY OF AN ATTACK! ANATOMY OF AN ATTACK! Are Your Crown Jewels Safe? Dom Kapac, Security Evangelist WHAT DO WE MEAN BY CROWN JEWELS? Crown jewels for most organizations are critical infrastructure and data Data is a valuable

More information

Chapter 11: Networks

Chapter 11: Networks Chapter 11: Networks Devices in a Small Network Small Network A small network can comprise a few users, one router, one switch. A Typical Small Network Topology looks like this: Device Selection Factors

More information

Principles of ICT Systems and Data Security

Principles of ICT Systems and Data Security Principles of ICT Systems and Data Security Ethical Hacking Ethical Hacking What is ethical hacking? Ethical Hacking It is a process where a computer security expert, who specialises in penetration testing

More information

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led Certification: Certified Network Defender Exam: 312-38 Course Description This course is a vendor-neutral, hands-on,

More information

Hackveda Training - Ethical Hacking, Networking & Security

Hackveda Training - Ethical Hacking, Networking & Security Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass

More information

PracticeDump. Free Practice Dumps - Unlimited Free Access of practice exam

PracticeDump.   Free Practice Dumps - Unlimited Free Access of practice exam PracticeDump http://www.practicedump.com Free Practice Dumps - Unlimited Free Access of practice exam Exam : SY0-501 Title : CompTIA Security+ Certification Exam Vendor : CompTIA Version : DEMO Get Latest

More information

Contents in Detail. Foreword by Peter Van Eeckhoutte

Contents in Detail. Foreword by Peter Van Eeckhoutte Contents in Detail Foreword by Peter Van Eeckhoutte xix Acknowledgments xxiii Introduction xxv A Note of Thanks.... xxvi About This Book.... xxvi Part I: The Basics.... xxvii Part II: Assessments.........................................

More information

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center

Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test. Tyler Rasmussen Mercer Engineer Research Center Hacking Our Way to Better Security: Lessons from a Web Application Penetration Test Tyler Rasmussen Mercer Engineer Research Center About Me Cybersecurity Engineering Intern @ MERC Senior IT/Cybersecurity

More information

Application Security Approach

Application Security Approach Technical Approach Page 1 CONTENTS Section Page No. 1. Introduction 3 2. What is Application Security 7 3. Typical Approaches 9 4. Methodology 11 Page 2 1. INTRODUCTION Page 3 It is a Unsafe Cyber world..

More information

C)PTE Certified Penetration Testing Engineer

C)PTE Certified Penetration Testing Engineer C)PTE Certified Penetration Testing Engineer Course Details Course Code: Duration: Notes: C)PTE 5 days This course syllabus should be used to determine whether the course is appropriate for the students,

More information